Появилась необходимость удалять индексы с логами в ElasticSearch автоматически. В моем примере удаляются логи старше 4 дней.
Для этой задачи решил использовать curator: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/yum-repository.html
Версия софта на момент написания статьи.
curator: 5.8.1
Elasticsearch: 7.5.0
1. Создаем два файла в /etc/elasticsearch/ curator-clients.yml и curator-actions.yml
Содержание curator-clients.yml.
client:
hosts:
- 192.168.1.110
port: 9200
http_auth: elastic:mypassword
logging:
loglevel: INFO
logfile: /var/log/curator
logformat: default
Содержание curator-actions.yml
actions:
1:
action: delete_indices
description: >-
Delete indices older than 4 days (based on index name), for logstash-
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 4
2. Запускаем curator: curator --config /etc/elasticsearch/curator-clients.yml /etc/elasticsearch/curator-actions.yml
3. Проверяем лог удаления индексов в /var/log/curator.
020-03-06 10:36:06,704 INFO Successfully created Elasticsearch client object with provided settings
2020-03-06 10:36:06,707 INFO Trying Action ID: 1, "delete_indices": Delete indices older than 4 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly.
2020-03-06 10:36:07,120 INFO Deleting 2 selected indices: ['logstash-2020.02.24', 'logstash-2020.03.01']
2020-03-06 10:36:07,120 INFO ---deleting index logstash-2020.02.24
2020-03-06 10:36:07,120 INFO ---deleting index logstash-2020.03.01
2020-03-06 10:36:07,807 INFO Action ID: 1, "delete_indices" completed.
2020-03-06 10:36:07,807 INFO Job completed.
Для этой задачи решил использовать curator: https://www.elastic.co/guide/en/elasticsearch/client/curator/current/yum-repository.html
Версия софта на момент написания статьи.
curator: 5.8.1
Elasticsearch: 7.5.0
1. Создаем два файла в /etc/elasticsearch/ curator-clients.yml и curator-actions.yml
Содержание curator-clients.yml.
client:
hosts:
- 192.168.1.110
port: 9200
http_auth: elastic:mypassword
logging:
loglevel: INFO
logfile: /var/log/curator
logformat: default
Содержание curator-actions.yml
actions:
1:
action: delete_indices
description: >-
Delete indices older than 4 days (based on index name), for logstash-
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 4
2. Запускаем curator: curator --config /etc/elasticsearch/curator-clients.yml /etc/elasticsearch/curator-actions.yml
3. Проверяем лог удаления индексов в /var/log/curator.
020-03-06 10:36:06,704 INFO Successfully created Elasticsearch client object with provided settings
2020-03-06 10:36:06,707 INFO Trying Action ID: 1, "delete_indices": Delete indices older than 4 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly.
2020-03-06 10:36:07,120 INFO Deleting 2 selected indices: ['logstash-2020.02.24', 'logstash-2020.03.01']
2020-03-06 10:36:07,120 INFO ---deleting index logstash-2020.02.24
2020-03-06 10:36:07,120 INFO ---deleting index logstash-2020.03.01
2020-03-06 10:36:07,807 INFO Action ID: 1, "delete_indices" completed.
2020-03-06 10:36:07,807 INFO Job completed.
